We all know by now that the Internet, while an amazing resource and great time sucker, it is also a place to be weary. Every day we browse, clicking from site to site, shop, comment, register on new sites and share. We trust. We trust that the place we visit are secure and that the servers we talk to are secure or we don’t even think about these things as we don’t understand the technology behind the pages we visit.
The internet provides us with a false sense of security, anonymity, a place to be an armchair warrior for the causes we choose to fight for, a hiding place for angry trolls. We venture into subjects and places that in the real world we would never dare to go or discuss. Nobody knows who the person behind the keyboard is….right?
We are uniquely identified, tagged and recorded. Not just by Big Brother the Government and authorities, but by every place/server we visit. Servers log IP addresses, those can be geo-located, narrowed down to your general location and provider. Your PC type, operating system, many things are recorded as you travel around the web. The majority of people don’t know this – it is complete naivety thinking nothing is logged.
We browse and continue to use the Internet with a blind trust, that is, until something goes terribly wrong. Data breaches. Regular headlines of banks, healthcare providers and online stores reporting hacking incidents and stolen personal information. Your data is worth money be it for fraud and identify theft or maybe worse bribery and harm to your reputation. High profile examples of data breaches that caused major embarrassment include the Ashley Madison the hookup site for married people. This data leak caused major embarrassment to public figures for example, Josh Duggar who was outed as a serial cheater and was eaten alive by the media. Other people military, government email addresses, clergymen and people in places of public importance and high esteem were found on the leaked and published email lists.
This month alone there have been major dumps of user data published on the web. Hotmail, Yahoo, Gmail and other user account information was leaked. More embarrassingly a hugely private and sensitive subject matter forum was hacked – read here on TheRegister.
What happens with these data leaks? A huge percentage of people use the same user name and password across many if not all of their accounts. A hacker or someone who has obtained your information to say your email account can analyze your Inbox, see where you have bank accounts, statements, social media accounts and then plan their further attacks from there. Maybe they empty your bank accounts, purchase high ticket items from online stores or maybe they plan a more personal attack on you via social media with a means to bribery and extorting money. Those pictures in your email, messages, social media you thought were safe, they’re now up for grabs, for publishing, for shaming – what now? Your passwords have been changed by the attacker, you no longer have access to your email or social media accounts you have been frozen out of everything and someone else has control. This is a daily occurrence and a huge issue we face when we live online.
We trust. We trust that the services we use are safe. They are not. Financial institutions spend millions on data security but still have leaks or hacks – data security is complex and not all attack vectors can be assessed or tested for. Other sites have zero spent on security, no updates or little understanding of what is required to sufficiently protect their user base.
So what do we do?
Strong usernames and passwords can prevent guesswork and dictionary attacks on your accounts BUT if the database of usernames and passwords is leaked publicly even the most complex password is not going to save you! Unique usernames and passwords on all of your difference services will save you some heartache but it requires a mastermind to be able to remember a ton of different and complex passwords! Using passphrases vs passwords can help but maybe the best tool to help with the security dilemma is a password manager.
Password Managers have been around for a while now. Today most offer high levels of encryption to keep your personal information safe as well as synchronization of your password data across all of you devices so you can remain secure on all the platforms you use. Is storing all of your password information all in one place a security issue in itself? If it is stored locally vs in the cloud then you are pretty safe based on the encryption used and a strong password being required to further secure the data.
Here is a review of the best password managers for 2016 via PC Magazine. The Editors Choice was Dashlane.
Dashlane offers a unique option amongst the password managers available. Dashlane has the option to change ALL of your passwords with the click of a button. It will, should you find or suspect you have been compromised, change all of your passwords (on over 500 supported websites/services) using strong passwords – all of which are updated in your password database and all autofill when you access your websites.
You can download Dashlane for free here or purchase the annual subscription option that allows you to sync your passwords across all of your devices vs one computer. More information on Dashlane can be found here.